Logging Scenario - Send Local Logs to CloudWatch
Last modified on May 9, 2024
Scenario: You want to save gateway/relay logs to Amazon CloudWatch. This guide presents a simple method to send all gateway/relay logs to a CloudWatch log group.
sdm audit activities command.

Set up the Export
Enable relay logging in the Admin UI under Settings > Security within the Log Encryption & Storage tab. Ensure logging is set to FILE.
Generate an AWS access key and AWS secret access key from the AWS GUI. Ensure the key has the AWSAppSyncPushToCloudWatchLogs permission.
Install the Amazon CloudWatch logs agent on the gateway/relay following the Amazon CloudWatch logs documentation directions. If you already have this agent running, skip to the next step for the lines to add to your /var/awslogs/etc/awslogs.conf file.
For the path, enter /home/<user>/.sdm/sdm.log*
For the destination log group name, use SDM-logs or similar. If you have multiple gateways, ensure they all use the same log group name.
Under the timestamp format, use the following custom string: %Y-%m-%dT%H:%M:%SZ
For initial upload position, choose From start of file.
In /var/awslogs/etc/awslogs.conf, verify that you have a section that looks like this:

    [/home/ubuntu/.sdm/sdm.log*]
    datetime_format = %Y-%m-%dT%H:%M:%SZ
    file = /home/ubuntu/.sdm/sdm.log*
    buffer_duration = 5000
    log_stream_name = {instance_id}
    initial_position = start_of_file
    log_group_name = SDM-gateway

Check /var/log/awslogs.log to ensure there are no errors.
Go to the CloudWatch console and verify that there is a log group by the name you specified above.
Look at logs to ensure timestamps are correct and logs are being delivered correctly.
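
The checks in the steps above can be scripted before the agent is restarted. This is an added example, not part of the original guide: the function name, the [general] block and the sample timestamp are constructed for illustration, and the expected log group name is whatever you chose for your gateways.

```python
import configparser
from datetime import datetime

# The section shown on this page, preceded by a constructed [general] block.
PAGE_CONF = """\
[general]
state_file = /var/awslogs/state/agent-state

[/home/ubuntu/.sdm/sdm.log*]
datetime_format = %Y-%m-%dT%H:%M:%SZ
file = /home/ubuntu/.sdm/sdm.log*
buffer_duration = 5000
log_stream_name = {instance_id}
initial_position = start_of_file
log_group_name = SDM-gateway
"""

def check_sdm_section(conf_text, expected_group, sample_timestamp):
    """Return a list of problems with the sdm.log section (empty list = OK)."""
    # interpolation=None: configparser would otherwise reject %Y, %m, ... as bad references
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    names = [s for s in parser.sections() if s.endswith("/.sdm/sdm.log*")]
    if not names:
        return ["no [.../.sdm/sdm.log*] section found"]
    problems = []
    for name in names:
        sec = parser[name]
        if not sec.get("file", "").endswith("/.sdm/sdm.log*"):
            problems.append(f"{name}: file does not cover sdm.log*")
        fmt = sec.get("datetime_format", "")
        try:
            datetime.strptime(sample_timestamp, fmt)
        except ValueError:
            problems.append(f"{name}: datetime_format {fmt!r} cannot parse {sample_timestamp!r}")
        if sec.get("initial_position") != "start_of_file":
            problems.append(f"{name}: initial_position is not start_of_file")
        if sec.get("log_group_name") != expected_group:
            problems.append(f"{name}: log_group_name is {sec.get('log_group_name')!r}, expected {expected_group!r}")
        if not sec.get("log_stream_name"):
            problems.append(f"{name}: log_stream_name missing")
    return problems

if __name__ == "__main__":
    # Constructed timestamp in the custom format given in the steps above.
    for line in check_sdm_section(PAGE_CONF, "SDM-gateway", "2024-05-09T17:03:21Z") or ["OK"]:
        print(line)
```

Running the same check with the same expected group name on every gateway catches a host that was configured with a different log_group_name.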